Solved PC not working-virus attacking it

Status
Not open for further replies.
Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

However, we'd like to still help. Please update us on the state of your PC.
 
I was unable to scan using the ESET Online Scan because I do not have internet access and could not save to my USB drive.


My computer is running slow. It seems that I can open some programs now. It shows that I am connected to the internet, but IE will not open from the desktop or start menu. I no longer see the fake antivirus program anywhere. I was not able to locate svchost.exe to determine if it is running at 100%.


Let me know if there is something else I can try. Thanks.
 
Complete Internet Repair

Please visit this page for a tutorial about Complete Internet Repair, which gives an overview and support information. Otherwise, the download link is at the bottom of the article.

Checkmark the following in the tool:
  • Reset Internet Protocol
  • Repair Winsock
  • Renew Internet Connections
  • Flush DNS Resolver Cache
  • Repair Internet Explorer
  • Reset Windows Firewall Configuration
  • Restore the Default Hosts File
  • Once ready, hit the Go! button.
  • It may have you reboot your computer.
  • Once that's done, let me know if this restored Internet access successfully.
 
Hello, are you still with us? Please update us with the state of your situation, so we know how to continue from here.

We'd still like to help. Topic marked inactive, until your return.
 
I was able to run the complete internet repair and can now open Internet Explorer but I cannot go to any websites. Also, the menu bar does not appear and right clicking does not work to see if it is checked or not. Still running slow but seemed to be a little faster than last time I logged on. Sorry for the slow responses-had a crazy week.
 
Kaspersky GetSystemInfo Scan

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.


On the General tab, make sure all of the boxes are checked.


On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.


Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.
 
I don't know if this will change anything or not, but I tried my firefox browser and it works fine. My Internet Explorer still is not working. It opens but when I type an address in there is no response. It doesn't even act like it is trying to load the page and there is no menu bar as I mentioned previously.
 
Please list all the antivirus/security software you have...

CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.
 
Norton Internet Security (out of date), Avast Free Antivirus, and Malwarebytes Anti-Malware

I ran the cleaner and there was no change in the condition of IE.
 
Please download the Fix IE Utility to your desktop.

Before running the utility, make sure that all your Internet Explorer windows are closed!

  • Extract the contents of the .zip file to your desktop.
  • Double click the Fix IE Utility button to run the tool.
  • Click Run Utility
  • Click OK when you see 'Re-registered all files'
  • Open Internet Explorer and see how it works.
 
It is working now. It runs a little slow but so does my computer as a whole now. Is there something I can do to speed it up? Also, since things are working now does this mean that the virus is gone or do I still have work to do to remove it?
 
Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
# AdwCleaner v2.113 - Logfile created 03/04/2013 at 08:19:10
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - WADE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner.WADE\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v8.0.1 (en-US)

*************************

AdwCleaner[S1].txt - [2031 octets] - [24/01/2013 14:00:35]
AdwCleaner[S2].txt - [1201 octets] - [04/03/2013 08:19:10]

########## EOF - C:\AdwCleaner[S2].txt - [1261 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.7 (03.03.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Mon 03/04/2013 at 8:57:10.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B?

Val Name Type Value Data
======== ==== ==========
vcmlup REG_SZ rundll32.exe "C:\Documents and Settings\Owner.WADE\Application Data\vcmlup.dll",ADeviceGetReport
fprksv REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner.WADE\Application Data\fprksv.dll",Display
prylag REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner.WADE\Application Data\prylag.dll",set_write_fn




~~~ Registry Keys

Failed to delete: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\tasks\ISP signup reminder 1.job
Successfully deleted: [File] C:\WINDOWS\tasks\ISP signup reminder 2.job
Successfully deleted: [File] C:\WINDOWS\tasks\ISP signup reminder 3.job



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\bigfix"
Successfully deleted: [Folder] "C:\Program Files\coupons"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/04/2013 at 9:05:00.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
C:\Documents and Settings\All Users\Application Data\9CD8C475A5F602CD00009CD827A10655\9CD8C475A5F602CD00009CD827A10655.exe Win32/Adware.SystemSecurity.AL application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\pcdfdata\upkhqqwa.exe Win32/Kryptik.AVEL.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.WADE\Application Data\deypsy.dll a variant of Win32/Medfos.KY trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.WADE\Application Data\fprksv.dll a variant of Win32/Medfos.LE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.WADE\Application Data\gredm.dll a variant of Win32/Medfos.KY trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.WADE\Application Data\prylag.dll a variant of Win32/Medfos.LE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.WADE\Local Settings\Application Data\ovcgdqiw.exe Win32/Adware.SystemSecurity.AL application cleaned by deleting - quarantined
 
There is a RUNDLL error message that shows upon start-up. It reads "Error loading C:\Documents and Settings\Owner.WADE\Application Data\vcmlup.dll The specified module could not be found." When I open IE, a message appears stating that my last session was closed unexpectedly. Would I like to restore my last session or go to my home page. This occurs even if IE is closed completely when I log off. As of now my computer seems to be running faster-at least as fast as before the virus. Sometimes it will run fine for a while then slow down after I am logged in for several minutes. I will let you know if that happens this time. I thought I knew how to check svchost.exe, but didn't find anything that showed me how it was running. I went to task manager under the processes tab. Is this the right place to look, if so what am I looking for, or where should I go to find this? This is all I have noticed that is current.
 
SystemLook x86 scan

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    vcmlup.dll

    :regfind
    vcmlup
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
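
The following is an added example, not part of the thread or of any tool mentioned in it. It cross-references the rundll32 Run values JRT flagged with the files ESET reported deleting. A Run value whose DLL is gone still fires at logon and produces the "specified module could not be found" RUNDLL error. The function names are hypothetical and the input lines are copied from the logs posted above.

```python
import re
from ntpath import normcase

# Constructed input: lines copied from the JRT and ESET logs posted in this thread.
JRT_RUN = r'''
vcmlup REG_SZ rundll32.exe "C:\Documents and Settings\Owner.WADE\Application Data\vcmlup.dll",ADeviceGetReport
fprksv REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner.WADE\Application Data\fprksv.dll",Display
prylag REG_SZ "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner.WADE\Application Data\prylag.dll",set_write_fn
'''
ESET = r'''
C:\Documents and Settings\Owner.WADE\Application Data\deypsy.dll a variant of Win32/Medfos.KY trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.WADE\Application Data\fprksv.dll a variant of Win32/Medfos.LE trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner.WADE\Application Data\prylag.dll a variant of Win32/Medfos.LE trojan cleaned by deleting - quarantined
'''

# Run value: name, REG_SZ, optional quoted rundll32 path, quoted DLL, exported function.
RUN_RE = re.compile(r'^(\S+)\s+REG_SZ\s+"?[^"]*rundll32(?:\.exe)?"?\s+"([^"]+)",(\w+)\s*$', re.I)
# ESET line: file path, optional "a variant of", detection name, object type, action.
ESET_RE = re.compile(r'^(.+?\.(?:dll|exe))\s+(?:a variant of\s+)?(\S+)\s+\w+\s+cleaned by deleting', re.I)

def parse_eset(text):
    """Map normalised path -> detection name for files ESET deleted."""
    hits = {}
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if m:
            hits[normcase(m.group(1))] = m.group(2)
    return hits

def triage_run_entries(jrt_text, eset_text):
    """Return (value name, dll, export, status) for each rundll32 Run value."""
    deleted = parse_eset(eset_text)
    out = []
    for line in jrt_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        name, dll, export = m.groups()
        detection = deleted.get(normcase(dll))
        if detection:
            status = "orphaned: target deleted by ESET as " + detection
        else:
            status = "unmatched: no ESET detection for target, check whether the file exists"
        out.append((name, dll, export, status))
    return out

if __name__ == "__main__":
    for name, dll, export, status in triage_run_entries(JRT_RUN, ESET):
        print(f"{name:8} {export:18} {status}")
```

The unmatched entry is vcmlup, the same name the SystemLook `:filefind` and `:regfind` directives search for.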
 